• Courses
      • Executive Management Courses
      • Global Series of National Privacy Laws
      • Netherlands Privacy Academy (in Dutch)
      • Caribbean Data Protection Academy
    • Resources
    • Join GADPPRO ACADEMY
      • Join GADPPRO Academy as an Official Partner
      • Become an Official GADPPRO Training Entity
      • Join the GADPPRO Business Academy
      • Secretariat & International Training Centre
      • Contact Us
    •  
      • RegisterLog in
    Privacad GADPPRO Academy
      • Courses
        • Executive Management Courses
        • Global Series of National Privacy Laws
        • Netherlands Privacy Academy (in Dutch)
        • Caribbean Data Protection Academy
      • Resources
      • Join GADPPRO ACADEMY
        • Join GADPPRO Academy as an Official Partner
        • Become an Official GADPPRO Training Entity
        • Join the GADPPRO Business Academy
        • Secretariat & International Training Centre
        • Contact Us
      •  
        • RegisterLog in

      Blog

      Privacy Guidelines on Interplay of the Second Payment Services Directive and the GDPR – version for public consultation

      • Categories Blog, Business, Design / Branding, Free Data Protection Resources, Uncategorized
      • Date September 30, 2020

      Guidelines 06/2020 on the interplay of the Second Payment Services Directive and the GDPR

      Section 6.1  Data minimisation and data protection by design and default

      58 The principle of data minimisation is enshrined in Article5 (1) (c) GDPR: “Personal data shall be […]adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed”. Essentially, under the principle of data minimisation, controllers should process no more personal data than what is necessary in order to achieve the specific purpose in question. As pointed out in Chapter 2, the amount and the kind of personal data necessary to provide the payment service is determined by the  objectiveand mutually understood contractual purpose. Data minimisation is applicable to every processing (e.g. every collection of or access to and request of personal data). The EDPB Guidelines 4/2019 onArticle 25 Data Protection by Designand by Default, state that ‘processors and technology providers should also be aware that controllers are required to only process personal data with systems and technologies that have built-in data protection.’

      59 Article 25 of the GDPR contains the obligations to apply data protection by design and by default. These obligations are of particular importance to the principle of data minimisation. This Article determines that the controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures, which are designed to implement data protection principles in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of the GDPR and protect the rights of data subjects. The controller shall implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. These measures may include encryption, pseudonymisation and other technical measures.

      60 When the obligation of article 25 of the GDPR is applied, the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing are the elements that have to be taken into account. Further clarifications about this obligation are given in the abovementioned EDPB Guidelines 4/2019 on Article 25 Data Protection by Design and by Default.

      • Share:
      User Avatar
      Richard V

      Previous post

      Privacy Guidelines on Interplay of the Second Payment Services Directive and the GDPR – version for public consultation
      September 30, 2020

      Next post

      Privacy Guidelines on Interplay of the Second Payment Services Directive and the GDPR – version for public consultation
      September 30, 2020

      You may also like

      Children Safety Encryption www.privacad.com
      Apple’s New Step to Protect Child Abuse via Encryption Feature
      20 August, 2021
      DNA Technology and Privacy www.privacad.com
      DNA Technology Regulation Bill and Violation of Privacy for Minority Groups
      19 August, 2021
      www.privacad.com
      India accuses Twitter of not complying with new IT rules
      18 August, 2021

      Search

      Categories

      • Blog
      • Business
      • Design / Branding
      • Free Data Protection Resources
      • Nederlandse Privacy Academie
      • Uncategorized
      Facebook-f Linkedin-in

      © Privacad 2020

      For all your questions about courses

      students@privacad.com

      For all your questions about Privacad for business

      info@privacad.com

      Links

      • Courses
      • Become a GADPPRO Academy Official Training Entity
      • Resources
      • Free Data Protection Resources
      • Blog
      • Profile
      • Students Stewards Network (SSN)

      Support

      • Privacy Policy
      • Terms of Use
      • FAQs
      • Contact

      © GADPPRO Academy | Privacad 2023

      GADPPRO Academy 2023

      Login with your site account

      Lost your password?

      Not a member yet? Register now

      Register a new account

      Are you a member? Login now